Security Alerts & News
by Tymoteusz A. Góral

#1895 EITest nabbing Chrome ssers with a “Chrome Font” social engineering scheme
“EITest” is a well-documented infection chain that generally relies on compromised websites to direct users to exploit kit (EK) landing pages. EITest has been involved in the delivery of a variety of ransomware, information stealers, and other malware, with clear evidence of its use dating back to 2014. Elements of EITest may be much older, though, with hints pointing to EITest being an evolution of the “Glazunov” infection chain from 2011 [1]. The first server side documentation of this evolution came from Sucuri in July 2014 [2] associated with waves of Wordpress exploitation via the MailPoet plugin vulnerability. KahuSecurity recently analyzed the server side script in October 2016 [3].
Read more
#1902 Dutch developer added backdoor to websites he built, phished over 20,000 users
#1901 Ukraine's power outage was a cyber attack: Ukrenergo
#1900 GCHQ encourages teenage girls to become cybersecurity professionals of the future
#1899 Project Zero finds XSS bug in auto-installed Adobe Acrobat Chrome extension
#1898 Uncovering the inner workings of EyePyramid
#1897 Oracle's monster security update: 270 fixes and over 100 remotely exploitable flaws
#1896 Newly discovered Mac malware found in the wild also works well on Linux
#1895 EITest nabbing Chrome ssers with a “Chrome Font” social engineering scheme
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12